Exam CS0-002 topic 1 question 276 discussion

Actual exam question from CompTIA's CS0-002
Question #: 276
Topic #: 1

An analyst needs to forensically examine a Windows machine that was compromised by a threat actor. Intelligence reports state this specific threat actor is characterized by hiding malicious artifacts, especially with alternate data streams. Based on this intelligence, which of the following BEST explains alternate data streams?

  • A. A different way data can be streamlined if the user wants to use less memory on a Windows system for forking resources.
  • B. A way to store data on an external drive attached to a Windows machine that is not readily accessible to users.
  • C. A Windows attribute that provides for forking resources and is potentially used to hide the presence of secret or malicious files inside the file records of a benign file.
  • D. A Windows attribute that can be used by attackers to hide malicious files within system memory.
Suggested Answer: C

Comments

gnnggnnggnng
Highly Voted 2 years, 2 months ago
Selected Answer: C
Alternate data streams (ADS) is a Windows attribute that allows multiple data streams to be associated with a single file on the NTFS file system. This feature can be used to store additional information or metadata associated with a file. While it can be used for benign purposes, it can also be abused by attackers to hide malicious files within the file records of a benign file. By doing this, the malicious files can evade detection from traditional security tools that only examine the file's main data stream. In the scenario described, the intelligence reports suggest that the threat actor is known for using ADS to hide malicious artifacts, so it is likely that the Windows machine compromised by this threat actor may have evidence of the attack hidden in the ADS. The analyst needs to be aware of the possibility of ADS when examining the machine and must use specialized tools or techniques to find and extract evidence from the ADS.
upvoted 9 times
2Fish
2 years, 1 month ago
Agree. Attackers can use Alternate Data Streams to conceal malware, such as Trojans or backdoors, within legitimate files, making it difficult for antivirus software to detect and remove the threat.
upvoted 1 times
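
The enumeration step that gnnggnnggnng's comment says an analyst needs, as an added example that is not part of the original discussion: a PowerShell function that lists every named stream on files under a directory, marks the expected `Zone.Identifier` stream, and checks whether a stream starts with the `MZ` executable header. The function name `Find-AlternateDataStream`, the scratch directory and the sample file are assumptions constructed for the demonstration; it requires Windows and an NTFS volume.

```powershell
# Added example: enumerate non-default NTFS streams on files under a directory.
# Covers files only; run it against a mounted copy of the evidence, not the original.
function Find-AlternateDataStream {
    param([Parameter(Mandatory)][string]$Path)

    # The byte-read switch differs between Windows PowerShell 5.1 and PowerShell 6+.
    $byteArgs = @{ Encoding = 'Byte' }
    if ($PSVersionTable.PSVersion.Major -ge 6) { $byteArgs = @{ AsByteStream = $true } }

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |   # skip the main (unnamed) stream
                ForEach-Object {
                    # First two bytes 0x4D 0x5A ('MZ') indicate a PE executable.
                    $head = @(Get-Content -LiteralPath $file -Stream $_.Stream `
                                          -TotalCount 2 @byteArgs)
                    [pscustomobject]@{
                        File        = $file
                        Stream      = $_.Stream
                        Length      = $_.Length
                        # Zone.Identifier is the mark-of-the-web stream Windows adds to downloads.
                        Expected    = ($_.Stream -eq 'Zone.Identifier')
                        LooksLikePE = ($head.Count -eq 2 -and
                                       $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    }
                }
        }
}

# Constructed sample: a scratch directory with one file carrying a named text stream.
$demo   = Join-Path $env:TEMP 'ads-demo'
$sample = Join-Path $demo 'report.txt'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -LiteralPath $sample -Value 'visible content'
Set-Content -LiteralPath $sample -Stream 'notes' -Value 'data in a named stream'

# Directory listings show only the main stream's size; the scan reports 'notes' as well.
Find-AlternateDataStream -Path $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```
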
NerdAlert
Most Recent 2 years ago
Selected Answer: C
I know it's C, however, "Based on this intelligence"? ...I don't think the question really helps clarify what the answer is.
upvoted 1 times